Amendments to the Claims:



This listing of claims will replace all prior versions, and listings, of claims in the 
Application: 

Listing of Claims: 

Claim 1 (Currently amended): A method for caching and accessing access
rights in a distributed computing system, the method comprising the steps of:

accessing, by a software agent, a directory service, wherein the agent is located
on a deputization point coupled to the directory service, and wherein the directory
service comprises the rights of a software principal to a resource;

updating, by the agent, the rights to an access control list cache, wherein the
access control list cache is coupled to the deputization point and to the principal;

receiving, at the access control list cache, a request from the principal for the
rights;

retrieving, by the access control list cache, the rights;

forwarding, to the principal, the rights; and

deputizing the principal to enable the principal to delegate the rights to at least
one software entity, wherein the at least one software entity can exercise the rights due
to the delegation.

Claim 2 (Original): The method of claim 1, wherein the access control list cache
is comprised of a first table comprising the principal that has access to the resource.

Claim 3 (Original): The method of claim 1, wherein the access control list cache
is comprised of a second table comprising the rights of the principal to the resource.

Claim 4 (Original): The method of claim 1, wherein the access control list cache 
is comprised of a third table comprising a cached access to the resource object.

Claim 5 (Currently amended): The method of claim 2 further comprising the step
of invoking, by the directory service, a resource manager, if the first table does not
contain the principal that has access to the resource, wherein the resource manager is
coupled to the directory service and comprises access information and rights of the
principal to the resource.



Claim 6 (Currently amended): The method of claim 5 further comprising the step
of mapping, by the resource manager, an access control of the rights in the resource
manager to an access control of the rights in the directory service.

Claim 7 (Currently amended): The method of claim 6 further comprising the step
of updating, by the resource manager, the mapped access control of the rights to the
access control list cache.

Claims 8 and 9 (Cancelled). 



Claim 10 (Currently amended): The method of claim 1, further comprising at
least one of the following steps actions from the group consisting of:

asynchronously updating, by the agent to the access control list cache, the 
rights, when the rights are added to the directory service; 

asynchronously updating, by the agent to the access control list cache, the 
rights, when the rights are removed from the directory service; 

asynchronously updating, by the agent to the access control list cache, the
rights, when the request from the principal is received;

synchronously updating, by the agent to the access control list cache, the
rights, when the rights are added to the directory service;

synchronously updating, by the agent to the access control list cache, the
rights, when the rights are removed from the directory service;

synchronously updating, by the agent to the access control list cache, the
rights, when the request from the principal is received;

updating, at a scheduled time, the rights by the agent to the access control
list cache; and

updating, after a time to live has expired, the rights by the agent to the
access control list cache.



Claim 11 (Currently amended): A distributed computing system supporting
access control caching, the system comprises:

a plurality of computers, each having a memory and a processor;
a plurality of communication links connecting the plurality of computers;
a principal located on a first one of the computers;
an agent located on a second one of the computers;
a resource located on a third one of the computers;
a first set of rights located on a fourth one of the computers;
a second set of rights located on a fifth one of the computers;
means for accessing, by the agent, the first set of rights of the principal to
the resource;
means for updating, by the agent, the first set of rights to an access
control list cache, wherein the access control list cache is located on a sixth one of the
computers;

means for receiving, at the access control list cache, a request from the
principal for the first set of rights;

means for retrieving, by the access control list cache, the first set of rights;

means for forwarding, to the principal, the first set of rights; and
means for providing, to the principal, a deputization certificate adapted for
enabling the principal to copy its rights to at least one software entity.



Claim 12 (Original): The system of claim 11 further comprises means for
invoking the second set of rights, if the first set of rights is not located on the fourth one
of the computers.

Claim 13 (Original): The system of claim 12 further comprises means for
mapping an access control of the second set of rights to an access control of the
first set of rights.

Claim 14 (Original): The system of claim 13 further comprises means for
updating the access control list cache with the mapped access control of the first set of
rights.

Claim 15 (Currently amended): A computer storage medium having a
configuration that represents data and instructions which will cause performance of
method steps for caching and accessing rights in a distributed computing system, the
method comprising the steps of:

accessing, by a software agent, a directory service, wherein the agent is located
on a deputization point coupled to the directory service having the rights of at least one
principal to at least one resource;

updating, by the agent, the rights to an access control list cache, wherein the
access control list cache is coupled to the deputization point, and wherein the access
control list cache is coupled to the principal;

receiving, at the access control list cache, a request from the principal for the
rights;

retrieving, by the access control list cache, the rights; and
forwarding, to the principal, the rights;

forwarding, to the principal a deputization credential empowering the principal to
deputize software entities; and

deputizing, by the principal at least one of the software entities, wherein the
software entity can exercise the rights due to the deputization.



Claim 16 (Currently amended): The configured storage medium of claim 15
further comprising the step of invoking, by the directory service, a resource manager, if
the access control list cache does not contain one of the rights, wherein the resource
manager is coupled to the directory service, and wherein the resource manager
comprises the one right.

Claim 17 (Currently amended): The configured storage medium of claim 16
further comprising the step of mapping, by the resource manager, an access control of
the one right to an access control of the rights.

Claim 18 (Currently amended): The configured storage medium of claim 17
further comprising the step of updating, by the resource manager, the mapped access
control of the rights to the access control list cache.

Claim 19-22 (Cancelled). 

Claim 23 (New): A method for controlling access within a computer system
using deputization, the method comprising:

receiving an access authorization request at a deputization point from a principal;

determining whether to validate the principal based on the access authorization
request;

identifying an access authorization level for the principal if the principal is
validated; and

providing the principal with deputizing authority at the identified access
authorization level, wherein the deputizing authority enables the principal to give at least
one software entity within the computer system a level of access authorization equal to
or lesser than the principal's access authorization level.

Claim 24 (New): The method of claim 23 wherein determining whether to
validate the principal includes comparing information present in the access authorization
request to a plurality of access rights contained in an access control list cache.

Claim 25 (New): The method of claim 24 further comprising:
invoking a resource manager if the access control list cache does not contain an
access right associated with the access authorization request;

locating the access right associated with the access authorization request; and
mapping the access right into the plurality of access rights.

Claim 26 (New): The method of claim 23 further comprising deputizing, by the
principal, a first software entity, wherein the first software entity has a level of access
authorization equal to or lesser than the principal's access authorization level.

Claim 27 (New): The method of claim 26 wherein deputizing includes defining a
level of access authorization and a lifespan of the deputization.

Claim 28 (New): The method of claim 26 further comprising deputizing, by the
first software entity, a second software entity, wherein the second software entity has a
level of access authorization equal to or lesser than the first software entity's access
authorization level.
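
Added illustration (not part of the filed claims or of any implementation by the applicant): a minimal Python model of the deputization chain in claims 23 and 26 to 28, showing why each link must be checked for level and lifespan. The integer levels, all names, and the rule that a deputization cannot outlive its grantor are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Optional

class DeputizationError(Exception):
    pass

@dataclass(frozen=True)
class Deputization:
    holder: str
    level: int                      # assumed ordering: higher means more access
    expires_at: float               # end of the lifespan (claim 27)
    parent: Optional["Deputization"] = None

def grant_authority(acl_cache, principal, now, lifespan):
    """Deputization point (claims 23-24): validate the principal against
    the ACL cache, identify its level, and issue deputizing authority."""
    if principal not in acl_cache:
        raise DeputizationError(f"{principal} not validated")
    return Deputization(principal, acl_cache[principal], now + lifespan)

def is_valid(dep, now):
    """Walk the chain to the root: every link must be unexpired and must
    not exceed the level of the link that created it."""
    while dep is not None:
        if now >= dep.expires_at:
            return False
        if dep.parent is not None and dep.level > dep.parent.level:
            return False
        dep = dep.parent
    return True

def deputize(grantor, entity, level, lifespan, now):
    """Claims 26-28: grant an equal or lesser level to another entity."""
    if not is_valid(grantor, now):
        raise DeputizationError("grantor's authority is expired or invalid")
    if level > grantor.level:
        raise DeputizationError("cannot grant more than the grantor holds")
    # Assumption: a deputization never outlives the authority it derives from.
    expires = min(now + lifespan, grantor.expires_at)
    return Deputization(entity, level, expires, grantor)

def demo():
    acl_cache = {"alice": 3}        # constructed sample: principal -> level
    root = grant_authority(acl_cache, "alice", now=1000, lifespan=600)
    first = deputize(root, "backup-agent", level=2, lifespan=300, now=1000)
    second = deputize(first, "helper", level=2, lifespan=900, now=1100)
    return root, first, second

if __name__ == "__main__":
    for d in demo():
        print(d.holder, d.level, d.expires_at)
```
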



